Block SSH script attacks

macosxhints - Modify Remote Login server to block scripted attacks

If you run a machine that is open to the public internet and you have opened up SSH, then you have seen entries like these in your system logs:

    Feb 10 07:07:36 localhost sshd[1078]: Illegal user matt from 210.127.248.158
    Feb 10 07:07:38 localhost sshd[1080]: Illegal user test from 210.127.248.158
    Feb 10 07:07:40 sshd[1082]: Illegal user operator from 210.127.248.158
    Feb 10 07:07:42 sshd[1084]: Illegal user wwwrun from 210.127.248.158
    Feb 10 07:07:52 sshd[1096]: Illegal user apache from 210.127.248.158
    Feb 10 07:07:59 sshd[1104]: Failed password for root from 210.127.248.158 port 58752 ssh2
    Feb 10 07:08:01 sshd[1106]: Failed password for root from 210.127.248.158 port 59136 ssh2
    Feb 10 07:08:03 sshd[1108]: Failed password for root from 210.127.248.158 port 59176 ssh2
    Feb 10 07:08:15 sshd[1122]: Failed password for root from 210.127.248.158 port 60606 ssh2
    …

If that looks like someone trying to break into your machine, you'd be right. It's more than likely a script or robot just knocking on your door, but you never know. This article discusses some ways to lock down SSH and secure your remote connections.

Kevin Duane


Cloud architect and developer sharing practical solutions.